exploitDog

CVE-2016-3740

Опубликовано: 04 апр. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.

Ссылки

https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html
Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Vendor Advisory
https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html
Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:foxitsoftware:foxit_reader:7.3.4.311:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01279

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-7w5w-v49g-pq2m

CVSS3: 7.8

github

больше 3 лет назад

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.

EPSS

Процентиль: 79%

0.01279

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119